Metasploit Takes Aim at Cisco Insecurity
Dec 18, 2010, 09:05 (0 Talkback[s])
(Other stories by Sean Michael Kerner)
WEBINAR: On-demand Event
Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >
[ Thanks to SMK for this link.
"The Metasploit security vulnerability testing
framework is getting an update this week with the Metasploit 3.5.1
release, which includes new capabilities that take aim at
networking gear from Cisco.
"Metasploit provides a framework with which security researchers
can test and enumerate the security posture of their networks. The
addition of specific features that target Cisco (NASDAQ: CSCO)
equipment isn't directly related to any specific, newly discovered
exploits in Cisco technology.
""We did not coordinate with Cisco's PSIRT (Product Security
Incident Response Team) as the two vulnerabilities exploited by
this feature are over 10 years old – authentication bypass
flaws in the IOS HTTP service," HD Moore, Rapid7 Chief Security
Officer and Metasploit chief architect told InternetNews.com.
"There are a number of tools that support each of these attacks
methods individually, but the value provided by this release is in
the attack chaining and automation.""